OpenVPN Web Config

Starfox
DD-WRT Novice


Joined: 29 May 2007
Posts: 1

Posted: Tue May 29, 2007 3:32    Post subject: OpenVPN Web Config
I would like to see a bit more functionality in the OpenVPN configuration through the web page. With the following changes, it should be possible to cover about 90% of the "common" OpenVPN setup without requiring drastic code changes. The ones I can think of off the top of my head are:
OpenVPN Server-bridge setup from remote (allows client to act as though they are connected locally)
OpenVPN-to-OpenVPN setup (either Server-bridge or Server and Client setup between DD-WRT)
OpenVPN Client setup (what's provided right now, but with better options)
Basic OpenVPN Server setup (using --server)
Custom OpenVPN setup (using advanced command line with --config)

OpenVPN
Configure OpenVPN:
    Disabled

    Basic OpenVPN Client (--client)

    Basic OpenVPN Server-Bridge (--server-bridge)

    Basic OpenVPN Server (--server)

    Advanced OpenVPN Config


Client: (enabled only with Client)
Server IP/Address: [ ] (--remote)

Server-Bridge: (enabled only with Server-Bridge)
Note: The IP Address Range must not conflict with your DHCP Address Range
Client IP Address Range: xx.xx.xx.[ ]-xx.xx.xx.[ ]
Enable VPN Client-to-Client packet: [x] (--client-to-client)

Server: (enabled only with Server)
Note: The Network Address and Netmask should be similar to 10.20.30.0/255.255.255.0, not an IP address - OpenVPN automatically configures the device IP address.
OpenVPN Network Address: [ ].[ ].[ ].[ ]
OpenVPN Netmask: [ ].[ ].[ ].[ ]
Enable VPN Client-to-Client packet: [x] (--client-to-client)

Port:
    UDP

    UDP w/Fast-IO (--fast-io)

    TCP (--proto TCP)

Port: [1149] (iptables -I INPUT --dport <port> -j ACCEPT && --port)

Tunnel Device: (disable drop-down if server-bridge is used and use TAP bridge as default)
    TAP (bridge to br0, openvpn --mktun --dev tap0 && brctl addif br0 tap0 && --dev tap0)

    TAP (do not bridge, openvpn --mktun --dev tap0 && --dev tap0)

    TUN (openvpn --mktun --dev tun0 && --dev tun0)


Use LZO Compression:
    Adaptive (default, --comp-lzo)

    Force On (--comp-lzo --comp-noadapt)

    Force Off


Certificates:
CA Root Cert: [ ]
DH Param (Required for Server): [ ]
Local Public Cert: [ ]
Local Private Key: [ ]
Enforce Remote Certificate Type:
    Ignore Type (Strongly discouraged!)

    Server Certificate (DD-WRT is Client, --ns-cert-type server)

    Client Certificate (DD-WRT is Server, --ns-cert-type client)


Additional Options:
[ ] (pass on command-line, so you can do --verb or --config without fiddling with parsing existing config files)

This would allow for most config of OpenVPN without requiring nvram parsing and such. The whole config could be chained at the command line, like:
openvpn --config keyfile.cfg --server-bridge 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.249 --fast-io --port 1149 --dev tap0 --comp-lzo --verb 3 --config /tmp/custom.cfg

The only problem I can foresee is the push "" and escaping "'s, but maybe it's not required. I think this would go a long way to provide an easy OpenVPN configuration for most users.

-- Starfox
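
The option-to-flag mapping proposed in the post above, sketched as a shell function that checks each form field against an allow-list before building the openvpn argument list (an added example, not part of the original post or of DD-WRT's code). The function and variable names are hypothetical, only the server-bridge mode is covered, and mapping the TCP choice to tcp-server is an assumption.

```shell
#!/bin/sh
# Added example: build an openvpn argument list from validated form fields.
# Function and variable names are hypothetical, not DD-WRT nvram keys.

is_port() {   # decimal 1..65535 and nothing else
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {   # four dot-separated decimal fields, each 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Args: gateway netmask pool-start pool-end proto port lzo
# proto: udp | udp-fastio | tcp     lzo: adaptive | on | off
# Prints one argument per line; returns 1 on any value outside the allow-list.
build_server_bridge_args() {
    gw=$1 mask=$2 first=$3 last=$4 proto=$5 port=$6 lzo=$7
    for ip in "$gw" "$mask" "$first" "$last"; do
        is_ipv4 "$ip" || { echo "rejected address field" >&2; return 1; }
    done
    is_port "$port" || { echo "rejected port field" >&2; return 1; }
    set -- --server-bridge "$gw" "$mask" "$first" "$last" --port "$port" --dev tap0
    case "$proto" in
        udp)        ;;
        udp-fastio) set -- "$@" --fast-io ;;
        tcp)        set -- "$@" --proto tcp-server ;;  # assumed server-side value
        *)          return 1 ;;
    esac
    case "$lzo" in
        adaptive) set -- "$@" --comp-lzo ;;
        on)       set -- "$@" --comp-lzo --comp-noadapt ;;
        off)      ;;
        *)        return 1 ;;
    esac
    set -- "$@" --ns-cert-type client
    printf '%s\n' "$@"
}

# Constructed sample input: the values from the post's own command line.
build_server_bridge_args 192.168.1.1 255.255.255.0 192.168.1.200 192.168.1.249 \
    udp-fastio 1149 adaptive
```

Because every emitted value is either a fixed token or made of digits and dots, the list can be handed to openvpn without any shell quoting. Free-text options such as push "..." fit better in a file passed with --config, as the post's own command line does with /tmp/custom.cfg, since OpenVPN parses the quotes there and no shell is involved.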
jw2k_fr
DD-WRT Novice


Joined: 08 Mar 2008
Posts: 11

Posted: Sun Jul 06, 2008 18:03    Post subject: Seconded
I think this is an excellent suggestion. Getting a basic config with static certs is, apparently, not too hard. But getting something working with full authentication is much harder.

I second the motion
switch
DD-WRT Guru


Joined: 30 Apr 2008
Posts: 967
Location: Romania

Posted: Mon Jul 07, 2008 11:45
Agreed in full.

It takes a lot of time and quite some networking knowledge to get a certificate-based VPN up and running.

_________________
Q: How do I do ...? A: Read the tutorials or Search forums
cyberde
DD-WRT Guru


Joined: 07 Jun 2006
Posts: 1488
Location: the Netherlands

Posted: Tue Jul 08, 2008 12:03
A problem might be the storage of the certificates, since all that text might clog the nvram.
Besides that, it would help a lot of people I guess :)

_________________
Firmware: DD-WRT v24-sp2 (latest available) mega
WRT320N

Donater


Last edited by cyberde on Tue Jul 08, 2008 12:59; edited 1 time in total
olmari
DD-WRT Guru


Joined: 24 Oct 2006
Posts: 1447
Location: Finland

Posted: Tue Jul 08, 2008 12:58
Yeah... Cert storing can be the issue, but otherwise this would be awesome.
switch
DD-WRT Guru


Joined: 30 Apr 2008
Posts: 967
Location: Romania

Posted: Thu Jul 10, 2008 13:09
Not quite: the nvram can easily store the certificates on newer devices. For older models, we can always implement workarounds (i.e. if first character in the cert textbox is a "/", treat the text there as a path-to-certificate-file; if the leading char is a "-" then treat the rest of the text as a certificate).

Hell, I'd be willing to help out with the OpenVPN scripts. Testing, scripting - count me in :)

_________________
Q: How do I do ...? A: Read the tutorials or Search forums
Goofee691
DD-WRT User


Joined: 14 Dec 2006
Posts: 141

Posted: Mon Jul 21, 2008 4:47
Any chance this might happen in the next version of dd-wrt?
switch
DD-WRT Guru


Joined: 30 Apr 2008
Posts: 967
Location: Romania

Posted: Mon Jul 28, 2008 10:03
Latest DD-WRT (v24 SP1) supports this.
_________________
Q: How do I do ...? A: Read the tutorials or Search forums